On Wed, 18 Aug 2004, Alex Conta wrote:
> > As Pekka already said that this issue is not just with
> > ICMPv6 but with any bad traffic.  For what all bad traffic 
> > a router should perform rate limiting for is a general
> > question and should be completely outside the scope of
> > the ICMPv6 Protocol spec.
> > 
> 
> Does this ICMPv6 scope conform with the reality of the spec, or just 
> with some thinking of how the spec should be? Do we need to use some 
> magic for instance to see in the text the word "originate" instead of 
> "send"?

Definitely "originate", and similar other tweaking to make sure the
spec can only be interpreted one way.

> So then we write a separate ICMP specification just
> to help us figure out how/how much to rate limit the forwarded ICMP
> messages, right?

You can write it if you want :-).  But being frank, I doubt it'll
receive sufficient interest to move forward except possibly as an
Informational RFC in an operational working group, so the next steps
are more of an academic question.

(read: do we have a specification how routers do other kinds of
rate-limiting for other kinds of traffic?  not that I'm aware of!)
 
> If technically the rate limiting operation for forwarding ICMP is pretty 
> much the same as for ICMP origination, why can't we have it in one 
> document?

It isn't the same thing at all.  The parameters and mechanisms how to
achieve the different goals are entirely different, as are the reasons
for their configuration; forwarding limiters are an issue for network
operators, origination limiters are an issue for protocol developers.

> Why can't we have it in the ICMP spec?

Should the IETF specify how routers forward or shape TCP SYNs, ACKs,
or RST packets in the TCP specifications?  NO!

This is the same thing!

> Or maybe we have it already and we had it there for the longest time.... 
> What is wrong with that?  In my view nothing.

I guess that no one except you read the word "send" like that (well, I
don't know about Fred) *) -- so this argument doesn't hold.  To
everyone else, it was clear that the limiter was solely designed for
origination, and everything else is out of scope.

*) the fact that all the implementations I know of implement ICMP
*origination* rate-limits, not *ICMP forwarding* rate-limits should
speak of that.  Can you name implementations which perform ICMP
forwarding rate-limiting by default (as required for compliance
according to the way you read it)?  (Note that whether or not an
implementation supports an administrator configuring generic
rate-limiters is a separate issue altogether.)

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings



--------------------------------------------------------------------
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
